[strongSwan-dev] strongSwan RSA signature vulnerability
yaronf.ietf at gmail.com
Thu May 31 17:43:00 CEST 2012
Please clarify: is the "gmp" plugin used for this purpose by default,
e.g. when no specific plugins are specified in strongswan.conf?
On 05/31/2012 06:23 PM, Martin Willi wrote:
> We have been informed about a security vulnerability in
> strongSwan. If the strongSwan "gmp" plugin is used for RSA signature
> verification, an empty or zeroed signature is handled as a legitimate
> one. CVE-2012-2388 has been reserved for this vulnerability.
> To exploit the vulnerability, a connection definition using RSA
> authentication is required. An attacker presenting a forged signature
> and/or certificate can authenticate as any legitimate user. strongSwan
> versions back to 4.2.0 and up to 4.6.3 are affected, using both IKEv1 and
> IKEv2. Injecting code is not possible by such an attack.
> The patch at  fixes the vulnerability and should apply to all
> affected versions. Please update your installations as soon as possible.
> strongSwan 4.6.4 including the fix is available at , the release
> announcement will follow soon.
> Our apologies for having such a serious vulnerability in the strongSwan
> Kind Regards